Save Article

The Future of Risk: 10 Trends to Watch

Save Article

Ten trends have the potential to significantly alter the risk landscape for companies around the world and change how they respond to and manage risk, according to The Future of Risk: New Games, New Rules, a report from Deloitte & Touche LLP.

“The onset and consequences of risk—and the entire nature of the risk discipline—are evolving. The good news is that the strategic conversation around risk is changing too, so that, for leaders today, risk can be used as a tool to create value and achieve higher levels of performance. It’s no longer something to only fear, minimize and avoid,” says Chuck Saia, CEO, Deloitte Risk and Financial Advisory, Deloitte & Touche LLP.

These trends span a number of categories, from technological advancements to business process and managerial innovations to macroeconomic forces. While each of these trends provides multiple opportunities to improve risk management, each one also carries with it one or more potential pitfalls or liabilities that organizations should consider. The full report covers these issues in detail and offers examples of how the 10 trends outlined below are now in play at companies across many industry sectors.

—Cognitive technologies augment human decision-making: Advancements in cognitive technologies, artificial intelligence and data analytics are helping organizations go beyond traditional ways of managing risks by using smart machines to detect, predict and prevent risks in high-risk situations. Cognitive technologies may be particularly useful where the risk area is critical, large amounts of data are available and current solutions aren’t effective. Organizations might consider upskilling employees so that they are able to more effectively use cognitive technologies to extract insights from data; new data visualization technologies may help such efforts.

—Controls become pervasive: Some of the smart devices that comprise the Internet of Things have the potential to help organizations detect risk events, derive crucial risk insights and even take immediate actions in the environment. The result? Real-time, pervasive, dynamic risk management that may improve risk-related decision-making in areas such as internal audit, supply chain management, finance, cybersecurity and controls testing. Organizations might also find opportunity to reduce cyber security and fraud risk by using sensor-enabled devices across the supply chain, especially in security-sensitive industries such as food production and pharmaceuticals. Organizations could also potentially manage risks introduced by customers by analyzing customer behavior through real-time data feeds.

—Behavioral science informs risk insights: Behavioral science—the study of human behavior through systematic research and scientific methods that draws from psychology, neuroscience, cognitive science and the social sciences—is becoming more prominent as a business discipline, including risk organizations. These are the types of questions leading organizations are looking to answer with behavioral science. In fact, as they attempt to answer questions regarding what drives risky behavior, how cognitive biases lead people to wrongly assess risk, and how to detect and modify risky behaviors, some Fortune 500 companies have even created the role of Chief Behavioral Officer.

“The widespread adaptation of behavioral science could potentially usher in a number of opportunities for organizations,” observes Mr. Saia. These might include “design interventions” to help executives overcome the influence of cognitive biases in decision-making; improved systems for monitoring high-risk individuals in sensitive roles; and more effective risk, forensics and financial transaction-related business processes.”

—Vigilance and resilience complement prevention as leading practices: Risk prevention methods can never be foolproof, and increasing investment in preventative approaches often yields only marginal benefit. Organizations are expanding their approaches to focus on vigilance (by developing the means to detect patterns that may indicate or even predict risk events) and resilience (expanding their capacity to rapidly contain and reduce the impact of risk events). The adoption of vigilance/resilience activities may expand to encompass the monitoring of emerging threats, the identification of anomalies in business processes, managing stoppages from third-party vendors and preparing for risk-related workplace disruptions.

—Risk transfer broadens in scope and application: Risk transfer instruments such as insurance and contracts aren’t new, but they can be expected to play a bigger role in the face of “mega-impact” risk events, including climate change, political unrest, terrorism and cyberattacks. In the past, few organizations considered hedging against such risks. But it may soon become commonplace as commercial third-party insurance, risk-sharing agreements, captive in-house insurance and other tools continue to gain in popularity. Financial industry innovation is also generating novel financial instruments that transfer and monetize risk.

—Innovation leads, regulation follows: As more organizations take on high-risk innovations as a strategy—even when they fall outside the scope of existing regulations—the rapid pace of innovation is increasingly driving the regulatory agenda. Organizations could potentially reduce regulatory risks by educating regulators and harnessing customer and public support, as well as by working with the industry ecosystem to establish self-regulatory frameworks. They might also clarify the organization’s risk appetite when evaluating projects that lie outside the realm of current regulations.

—Risk becomes a performance enabler: In the past, risk management was often an exercise in fear and avoidance, with organizations focused primarily on completing necessary, compliance-driven activities. But many leaders now view risks in terms of their potential to drive performance and value. As risks become more measurable and tangible, organizations may be better able to determine an accurate upside value for risk—and encourage a desired level of risk-taking behavior in a bid to balance risks and rewards. By viewing risk in this way, organizations could potentially be enabled to recognize intelligent risk-taking and foster a risk-intelligent culture.

—The networked economy demands collective risk management: As organizations become more connected to one another, and to “crowds,” than ever before, they share not only data, technology and other resources, but also more risks. “Increasingly, organizations are managing risk in a manner that reflects this new reality—transforming their risk processes through more open, collaborative approaches that address the challenges of a networked economy, and working together to identify, manage and reduce risk,” says Mr. Saia. Organizations might also form alliances with risk experts, researchers and academia to stay abreast of the latest threats and mitigation approaches, and also consider forming industrywide partnerships and consortiums.

—Disruption dominates the executive agenda: Business leaders are increasingly focusing on risks that threaten to disrupt the fundamental assumptions of their organizations’ strategies. Prioritizing such risks has become increasingly crucial, given that they can destroy sources of value creation. Yet, if handled well, viewing disruption through the lens of risk management may help organizations identify blind spots, institutional challenges and managerial biases that impede action. Such efforts may be aided by employing tools and techniques (such as real-time monitoring, scenario planning, stress-testing, wargaming and simulations) that can drive higher levels of sophistication in managing risk.

—Reputation risks accelerate and amplify: In today’s hyper-connected world, information can spread like wildfire. The convergence of mobile and social media is intensifying the impact of reputation risks for organizations, and is driving them to fundamentally rethink their approaches and proactively address these accelerated risks—and possibly seize an advantage. “The acceleration of reputational risk could offer organizations the opportunity to develop new capabilities for proactive brand-related crisis management,” notes Mr. Saia, who adds that organizations might consider “continually scanning media sources with technology-enabled intelligence capabilities, and developing an ambassador program to nurture external brand advocates.”

Organizations that are able to harness these trends may find that they are able to improve their risk resilience and develop capabilities to manage and respond to risk in ways that create value and achieve higher levels of performance.

The Future of Risk: 10 Trends to Watch

Related Deloitte Insights

Leading companies are recognizing that risk management is often an under-utilized function and are reassessing what it means to be a chief risk officer (CRO). Threat avoidance is still important. Now, however, effective CROs are bringing a risk-intelligent lens to the pursuit of opportunity and helping to shape the organization’s strategy rather than merely being reactive, says Sam Balaji, Global Business leader for Financial & Risk Advisory at Deloitte Global and vice chairman of the Deloitte U.S. Board of Directors, in this video interview.

Sustainability, which encompasses environmental, social, and governance (ESG) issues, is increasingly positioned at the top of board agendas as investors’ expectations continue to increase. Directors have a critical role to play. By fostering more proactive identification, measurement, and disclosure of ESG risks, directors can help provide insight into how the organization is integrating sustainability and stakeholder expectations into risk and strategy.

Leaders from business and government, including a former supreme commander of NATO, a former CEO of Harley-Davidson, a former vice chair of GE, and others, share their stories about how they successfully navigated risk, crisis, and disruption. Based on discussions with CEOs, senior business executives, and other leaders that were interviewed as part of Deloitte’s “Resilient” podcast series, these stories provide leadership insights on such topics as remaining humble, innovating and evolving, being transparent, and surviving disruption.

Views & Analysis

Culture is often an overlooked foundation of an organization’s strategy and performance. Yet today diagnostic tools, cognitive analytics, risk sensing and other technologies can provide organizations insights into day-to-day risk factors embedded within their cultures. Carey Oven, Deloitte Risk and Financial Advisory partner, Deloitte & Touche LLP, discusses the challenges organizations face in improving their culture risk profile and ways they can help protect their culture and monitor risks that could damage it.

Recent corporate scandals linked to problematic company cultures have led directors to look for ways to better monitor corporate culture, while trying to understand potential risks and address problems before they become a significant challenge. By treating culture risk as part of an integrated process of oversight that addresses strategy, performance, and risk—and taking a proactive and persistent approach—boards can improve their oversight of culture risk. Learn some general approaches to culture risk oversight that management and boards alike should consider.

Traditionally, internal audit (IA) has focused on providing assurance with respect to known risks and the effectiveness of controls in mitigating those risks. Regulators, however, are increasingly interested in an organization’s ability to identify blind spots and other vulnerabilities that may undermine the integrity of the risk management environment, including the risk of misconduct. IA functions can play a pivotal role by substantively testing culture and identifying potential risk-related outliers that may not be visible via other means, such as supervisory frameworks, escalations, compliance assessment and testing, and previous audits.

Editor's Choice

Robert Hull, chairman of the board of SPX FLOW and a director at Bojangles’ Inc., draws on a deep background in finance and operations for his current governance roles. The former CFO of Lowe’s Companies discusses how his finance career prepared him for a board role, and offers suggestions for what finance chiefs seeking to serve on a board can do to prepare. He also talks about the board’s role in risk management and strategy oversight.

New training models are providing organizations tools to measure, monitor, and address ethical and unethical behaviors. However, ethics training still has far to go to be effective, according to both Christopher Adkins, executive director of the Notre Dame Deloitte Center for Ethical Leadership, and Maureen Mohlenkamp, Deloitte Risk and Financial Advisory principal, Deloitte & Touche LLP. They discuss ways to strengthen ethics programs, advances in whistleblower helplines and how technology is impacting ethics training.

Digital risks are becoming a rising concern for the C-suite and boards, as industries continue to converge and companies adopt new business models to compete. Understand what steps can be deployed to address the strategic risks that come with today’s digital technologies in this conversation with William Ribaudo, managing partner of Deloitte Risk and Financial Advisory’s Digital Risk Venture Portfolio, Deloitte & Touche LLP. Also, learn why organizations should reassess their business models to understand their digital maturity.

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.